Product Troubleshooting WithSecure Business Suite Announcements

Network addresses for WithSecure on-premise products

UPDATE 2024-09-06: Added a note to highlight that product functionality can be affected if access to these network addresses is not allowed

UPDATE 2024-01-25: Updated references to aspam.sp.f-secure.com

For many customers, WithSecure products will function correctly without needing to know which servers the products connect to.

However, some administrators tightly control which network addresses they allow their clients to connect to (“Egress control” or “outbound connections”), and it is mandatory that they allow connections to the following addresses. WithSecure cannot guarantee the functionality of the products if access to these addresses is blocked.

The product may not function correctly if access to these network addresses is not allowed.

In addition, WithSecure Linux Security 64 and WithSecure Atlant can use an offline mode, which can help in isolated environments. Please note that this will limit some functionality. Please check the user guides for more information

Please note that all the following require outbound connections to TCP/443 unless otherwise stated.

Additionally, any products listed in this document also includes F-Secure branded versions of the same products.

Recommendations

WithSecure recommends, where possible, that administrators allow outbound access to all address under the withsecure.com and fsapi.com domains. We do appreciate that this is not always possible due to firewall configuration limitations, or even from an operational perspective, so we are publishing an explicit list of server addresses.

Please note that we do not guarantee this list of addresses is complete or will stay unchanged, so we strongly recommend bookmarking these articles for future reference. We will update these articles whenever needed.

WithSecure Business Suite

Business Suite includes:

WithSecure Policy Manager (Windows & Linux)
WithSecure Policy Manager Proxy (Windows & Linux)
WithSecure Client Security (including Premium, Mac)
WithSecure Server Security (including Premium)
WithSecure Linux Security 64

For environments that only connect to the internet via the Policy Manager, it is enough to ensure that the Policy Manager (or Policy Manager Proxy) can reach these services. For environments using a combination of Business Suite and Endpoint Detection and Response, the EDR endpoints will need direct access to some of these services.

Business Suite 16 onwards

corp-reg.fsapi.com

This server is used by Policy Manager for license registration. Blocking this server will prevent license validation.

guts2-old.fsapi.com (also TCP/80)

This server is used by Policy Manager to serve updates for 15.x clients. Please note that this service will cease on 30 September 2024

guts2.fsapi.com (also TCP/80)

This server is used to deliver updates for scanning engines and detection rules, and for some products updates to the software itself. Blocking this server will completely stop security updates.

a.karma.sc2.fsapi.com

restmc.mind.sc2.fsapi.com

api.doorman.fsapi.com

Backend services needed for Security Cloud functionality

baseguard.doorman.fsapi.com

api.disobus.fsapi.com

Backend services required for EDR for Business Suite to function

api.prd.glb.us-prd.fsapi.com

Used to control updates for Linux Security

Business Suite 15 and earlier (only valid until September 30th 2024)

corp-reg.f-secure.com

This server is used by Policy Manager for license registration. Blocking this server will prevent license validation.

guts2.sp.f-secure.com (also TCP/80)

This server is used to deliver updates for scanning engines and detection rules, and for some products updates to the software itself. Blocking this server will completely stop security updates.Note: This service ends on September 30th 2024

a.karma.sc2.fsapi.com

api.doorman.fsapi.com

restmc.mind.sc2.fsapi.com

Backend services needed for Security Cloud functionality

baseguard.doorman.fsapi.com

api.disobus.fsapi.com

Backend services required for EDR for Business Suite to function

update.sebe.fsapi.com

Used to control updates for Linux Security

Internet Gatekeeper (only valid until December 31st 2024)

All versions

aspam.sp.f-secure.com

This service will be removed during Q2 2024, replaced by aspam.fsapi.com

aspam.fsapi.com

These services are used to check email content for Spam in the IGK product.

WithSecure Email and Server Security

While WithSecure Email and Server Security is not part of Business Suite, the network addresses needed are the same as for Business Suite, with the addition of a couple of extra address

ESS version 16 onwards

aspam.sp.f-secure.com

This service will be removed during 2024, replaced by aspam.fsapi.com

aspam.fsapi.com

These services are used to check email content for Spam in the ESS product.

ESS version 15 and earlier

aspam.sp.f-secure.com

This service is used to check email content for Spam in the ESS product.

WithSecure Atlant

Future versions (1.0.319 and newer)

guts2.fsapi.com (also TCP/80)

This server is used to deliver updates for scanning engines and detection rules, and for some products updates to the software itself. Blocking this server will completely stop security updates.

api.prd.glb.us-prd.fsapi.com

Used to control updates for WithSecure Atlant

aspam.sp.f-secure.com

This service will be removed during 2024, replaced by aspam.fsapi.com

aspam.fsapi.com

These services are used to check email content for Spam in the Atlant product.

rpmrepo.fsapi.com

This service is used to deliver updates to the Atlant Virtual Appliance

a.karma.sc2.fsapi.com

baseguard.doorman.fsapi.com

Backend services needed for Security Cloud functionality

provisioning.ew1.entitlements.fsapi.com

api.disobus.fsapi.com

These services are only used when license key is used for Atlant. They are not required when a license file is used

Older versions (up to 1.0.295)

guts2.sp.f-secure.com (also TCP/80)

This server is used to deliver updates for scanning engines and detection rules, and for some products updates to the software itself. Blocking this server will completely stop security updates.

update.sebe.fsapi.com

Used to control updates for WithSecure Atlant

orsp.f-secure.com (also TCP/80)

*.orsp.f-secure.com (also TCP/80)

These services are used to handle cloud reputation requests

aspam.sp.f-secure.com

These services are used to check email content for Spam in the Atlant product.

rpmrepo.sp.f-secure.com

This service is used to deliver updates to the Atlant Virtual Appliance

baseguard.doorman.fsapi.com

provisioning.ew1.entitlements.fsapi.com

api.disobus.fsapi.com

These services are only used when license key is used for Atlant. They are not required when a license file is used